oe/gpg_sign: add 'passphrase' argument to detach_sign method

This allows directly giving the passphrase, instead of reading from a file. [YOCTO #9006] (From OE-Core rev: fd55c6e86b38b33f62006324e73678a13a534220) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Markus Lehtonen <markus.lehtonen@linux.intel.com> 2016-02-10 16:15:58 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-19 01:01:25 +0000
commit: db7c7c2eceda534d0205c6d4eaf09fd192193fb7 (patch)
tree: 3184609dd0a6f130306b83d0ab10654a66aa5c9b /meta/lib/oe
parent: e845b75f8fc718765158a858cfe904c575315f45 (diff)
download: poky-db7c7c2eceda534d0205c6d4eaf09fd192193fb7.tar.gz
1 files changed, 20 insertions, 10 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index c4cadd6a24..ada1b2f408 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -50,20 +50,30 @@ class LocalSigner(object):
            bb.error('rpmsign failed: %s' % proc.before.strip())
            raise bb.build.FuncFailed("Failed to sign RPM packages")
-    def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
+    def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
        """Create a detached signature of a file"""
-        cmd = "%s --detach-sign --batch --no-tty --yes " \
+        import subprocess
-                  "--passphrase-file '%s' -u '%s' " % \
-                  (self.gpg_bin, passphrase_file, keyid)
+        if passphrase_file and passphrase:
+            raise Exception("You should use either passphrase_file of passphrase, not both")
+        cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes',
+               '-u', keyid]
+        if passphrase_file:
+            cmd += ['--passphrase-file', passphrase_file]
+        else:
+            cmd += ['--passphrase-fd', '0']
        if self.gpg_path:
-            cmd += "--homedir %s " % self.gpg_path
+            cmd += ['--homedir', self.gpg_path]
        if armor:
-            cmd += "--armor "
+            cmd += ['--armor']
-        cmd += input_file
+        cmd.append(input_file)
-        status, output = oe.utils.getstatusoutput(cmd)
+        job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
-        if status:
+                               stderr=subprocess.PIPE)
+        _, stderr = job.communicate(passphrase)
+        if job.returncode:
            raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %
-                                      (input_file, output))
+                                      (input_file, stderr))
    def verify(self, sig_file):
        """Verify signature"""
author	Markus Lehtonen <markus.lehtonen@linux.intel.com>	2016-02-10 16:15:58 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-19 01:01:25 +0000
commit	db7c7c2eceda534d0205c6d4eaf09fd192193fb7 (patch)
tree	3184609dd0a6f130306b83d0ab10654a66aa5c9b /meta/lib/oe
parent	e845b75f8fc718765158a858cfe904c575315f45 (diff)
download	poky-db7c7c2eceda534d0205c6d4eaf09fd192193fb7.tar.gz

diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index c4cadd6a24..ada1b2f408 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py
@@ -50,20 +50,30 @@ class LocalSigner(object):
50	bb.error('rpmsign failed: %s' % proc.before.strip())	50	bb.error('rpmsign failed: %s' % proc.before.strip())
51	raise bb.build.FuncFailed("Failed to sign RPM packages")	51	raise bb.build.FuncFailed("Failed to sign RPM packages")
52		52
53	def detach_sign(self, input_file, keyid, passphrase_file, armor=True):	53	def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
54	"""Create a detached signature of a file"""	54	"""Create a detached signature of a file"""
55	cmd = "%s --detach-sign --batch --no-tty --yes " \	55	import subprocess
56	"--passphrase-file '%s' -u '%s' " % \	56
57	(self.gpg_bin, passphrase_file, keyid)	57	if passphrase_file and passphrase:
		58	raise Exception("You should use either passphrase_file of passphrase, not both")
		59
		60	cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes',
		61	'-u', keyid]
		62	if passphrase_file:
		63	cmd += ['--passphrase-file', passphrase_file]
		64	else:
		65	cmd += ['--passphrase-fd', '0']
58	if self.gpg_path:	66	if self.gpg_path:
59	cmd += "--homedir %s " % self.gpg_path	67	cmd += ['--homedir', self.gpg_path]
60	if armor:	68	if armor:
61	cmd += "--armor "	69	cmd += ['--armor']
62	cmd += input_file	70	cmd.append(input_file)
63	status, output = oe.utils.getstatusoutput(cmd)	71	job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
64	if status:	72	stderr=subprocess.PIPE)
		73	_, stderr = job.communicate(passphrase)
		74	if job.returncode:
65	raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %	75	raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %
66	(input_file, output))	76	(input_file, stderr))
67		77
68	def verify(self, sig_file):	78	def verify(self, sig_file):
69	"""Verify signature"""	79	"""Verify signature"""